5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.0%
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the ‘href’ attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.
www.openwall.com/lists/oss-security/2020/07/15/5
jenkins.io/security/advisory/2020-07-15/